c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

SUSE CVE-2023-48231

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version...

CVE-2023-48090

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...

[SECURITY] Fedora 37 Update: frr-8.5.3-1.fc37

FRRouting is free software that manages TCP/IP based routing protocols. It ta kes a multi-server and multi-threaded approach to resolve the current complexity of the Internet. FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EI GRP and BFD. FRRouting is a fork of Quagga...

SUSE CVE-2023-47360

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length...

runc: Rootless runc makes `/sys/fs/cgroup` writable

A flaw was found in runc, where it is vulnerable to a denial of service caused by improper access control in the /sys/fs/cgroup endpoint. This flaw allows a local authenticated attacker to cause a denial of service...

SUSE CVE-2023-47359

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption...

squid: Denial of Service in HTTP Digest Authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication...

SUSE CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

mariadb: assertion failure in Item_args::walk_arg

A use-after-free flaw was found in Maria DB. The MariaDB Server contains a use-after-free in the component, Itemargs::walkarg, which is exploited via specially crafted SQL statements, affecting availability...

rubygem-rack: denial of service in header parsing

A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

webkitgtk: Processing web content may lead to arbitrary code execution

A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution...

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

dotnet: Denial of Service with Client Certificates using .NET Kestrel

A vulnerability was found in dotnet. This issue can lead to a denial of service when processing X.509 certificates...

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

SUSE CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157...

SUSE CVE-2019-14823

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attack...

SUSE CVE-2021-2058

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.

The Mozilla Foundation Security Advisory describes this flaw as: During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash...

SUSE CVE-2023-5044

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation...